Cyber Security and its impact on

SCADA / SMART GRIDS

Dan Tofan

Technical Manager CERT-RO

CERT-RO?

• Computer Emergency Response Team – CERT-

RO is a national contact point regarding cyber

security incidents.

• CERT-RO is coordinated by the Ministry of

Information Society and is financed only from the

state budget.

Analysis report for the 1st quarter of 2013

• The scope of this paper is to present a review of the cyber security incidents reported to CERT-RO during the period 01.01 – 30.06.2013 and achieving an overview of the nature and dynamics of this type of events/incidents which are relevant for cyber security risk assessment concerning the IT&C infrastructure located in Romania, that are under CERT-RO competence.

• The Full Report is available at: http://www.cert-ro.eu/articol.php?idarticol=755

First semester analysis report

Alerts Number Unique IP

First semester compromised “.ro” domains

1

2468

2940

269

0

500

1000

1500

2000

2500

3000

3500

BotnetCC Defacement Malware Distribution Phishing

First semester analysis report

• Botnet drone – Network of compromised computers, remotely controlled from other people/organizations than their owners.

• Microsoft Safety & Security Center: ” Botnets can be used to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, it might slow down and you might be inadvertently helping criminals.”

http://www.microsoft.com/security/resources/botnet-whatis.aspx

Conclusions

• Cyber-security threats to our national cyberspace have diversified, evolutionary trends being revealed, both in terms of quantity and in terms of technical complexity;

• Over 12,5% of Romania allocated IP address range is infected with various types of malware (botnet), that are afterwards used in diverse attacks aimed at targets located outside Romania, the identity of the attacker remaining unrevealed.

• For more than 80% of the reported unique IP addresses the operating system is part of Windows XP/2000 family.

• RO can not be considered as an incident source anymore, the intermediate/transit character being substantiated by this report.

ICS – SCADA – SMART GRID

• Industrial Control Systems – command and control networks and systems designed to support industrial processes.

• SCADA (Supervisory Control and Data Acquisition) – the largest subgroup of ICS.

• Smart Grids – an upgraded electricity network depending on two-way digital communications between supplier and consumer that in turn give support to intelligent metering and monitoring systems.

SCADA alerts for RO

June – December 2012 – 6 security incidents that also involved Romanian SCADA infrastructure.

Romanian IP addresses belongs to vulnerable running operating systems that could have been compromised by attackers at any time.

SCADA alerts for RO

SCADA alerts for RO

SCADA alerts for RO

Questions??